Mobile

tripwire.com

Hundreds of millions of Facebook users’ phone numbers found lying around on the internet

A security researcher found a server on the internet containing more than 419 million records related to Facebook users.

No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…

Twitter disables tweeting via SMS (temporarily at least), in wake of Jack Dorsey account hijack

In the wake of the CEO of Twitter having his account hijacked the site has disabled the option to tweet via SMS.

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?

About the Twitter CEO ‘@jack hack’

Twitter co-founder Jack Dorsey had his account hijacked, after his mobile phone provider allowed someone else to seize his number.

bitdefender.com

Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to not only covers the firm’s own products, but additionally all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.

iOS 12.4.1 update fixes jailbreak vulnerability that Apple accidentally reintroduced

Apple has fixed the jailbreaking vulnerability in iOS that it previously unfixed.

bitdefender.com

D’oh! Apple botches iOS update, leaves iPhones open to jailbreaking

For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS.

And a goof by Apple has allowed them do it.

Read more in my article on the Hot for Security blog.

bitdefender.com

AT&T workers bribed to install malware on company network and unlock iPhones

34-year-old Muhammad Fahd has been charged for his part in a criminal scheme that is said to have cost AT&T millions of dollars.

Read more in my article on the Hot for Security blog.

500,000 Monzo banking customers told to change their PINs

Mobile-only bank Monzo has apologised for a gaffe which left the PINs of a subset of its customers exposed to its internal engineers.

Smashing Security podcast #139: Capital One hacked, iMessage flaws, and anonymity my ass!

Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and are introduced to… Penelope?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage

Have you updated your iPhone and iPad to iOS 12.4 yet?

If you care about your security and privacy, then Google researchers have given you a very good incentive to do so as soon as possible.

tripwire.com

Apple says its Walkie-Talkie app could be exploited to spy on iPhones

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #135: Zombie grannies and unintended leaks

We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.

Smashing Security podcast #132: CBP cyber attack, an iPhone privacy boost, and Twitter list abuse

United States Customs and Border Protection had sensitive data stolen, but the hackers didn’t have to breach its network. Apple has ambitious plans to make iPhone users safer online. And trolls are using Twitter lists to target their victims.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

bitdefender.com

La Liga fined €250,000 after Android app spied on football fans

The Spanish football league La Liga has been hit with a fine after its official Android app was found sneakily listening to people’s surroundings when soccer matches were being played.

Read more in my article on the Hot for Security blog.